
crowdsec

v1.7.8 Feature

This release adds 3 notable features for engineering teams evaluating rollout.

✓ No known CVEs patched

Topics

attacks-prevention detection intrusion-detection linux protection security web-application-firewall

ReleasePort's take

Moderate signal

In v1.7.8 the WAF now validates OpenAPI schemas and enforces body size limits.

Why it matters: Patch to v1.7.8 immediately if you rely on strict request validation or need tighter size controls; these changes affect all traffic routed through the WAF.

Summary

AI summary

WAF now validates OpenAPI schema and enforces body size limits.

Changes in this release

Feature Medium

WAF validates OpenAPI schemas.


Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Decision stream uses chunked transfer by default.


Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

cscli enroll command adds --quick flag.


Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Alternative cleaner configuration available for appsec.


Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

PAPI metrics added for monitoring.


Source: llm_adapter@2026-05-21

Confidence: low

Performance Medium

Database indexes added for improved query performance.


Source: llm_adapter@2026-05-21

Confidence: low

Bugfix Medium

WAF enforces body size limitations.


Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

cscli metrics no longer attempts DB client without config.


Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

PAPI stops logging errors when channel closes.


Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Alert creation uses single transaction for consistency.


Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

LAPI enforces maximum body size for decompression.


Source: llm_adapter@2026-05-21

Confidence: high

Full changelog

New Features

  • WAF: OpenAPI schema validation (#4097) @blotus

Improvements

  • WAF: enforce body size limitation (#4355) @blotus
  • Decision stream: move to chunked transfer by default (#4413) @blotus
  • cscli: add --quick flag to enroll command (#4350) @blotus
  • propose an alternative, cleaner configuration for appsec-config (#4397) @buixor

Bug Fixes

  • cscli metrics: don't attempt to create a DB client if there's no DB config (#4451) @blotus
  • papi: don't spam logs if chan is closed (#4439) @blotus
  • alerts: use single transaction when creating alert and all related items (#4438) @blotus
  • LAPI: enforce maximum body size for decompression

Chore / Deps

  • build(deps): bump the gomod group across 1 directory with 34 updates (#4453) @dependabot[bot]
  • build(deps): bump the github-actions group with 2 updates (#4447) @dependabot[bot]
  • build(deps): bump alpine from 3.21 to 3.23 in /build/docker in the docker group across 1 directory (#4441) @dependabot[bot]
  • build(deps): bump the github-actions group with 7 updates (#4443) @dependabot[bot]
  • build(deps): bump the uv group in /build/docker/test with 3 updates (#4442) @dependabot[bot]
  • db: add some missing indexes (#4435) @blotus
  • Dependencies update (#4412) @blotus
  • add PAPI metrics (#4411) @blotus
  • build(deps): bump github.com/aws/aws-lambda-go from 1.47.0 to 1.54.0 (#4402) @dependabot[bot]
  • build(deps): bump docker/login-action from 4.0.0 to 4.1.0 (#4403) @dependabot[bot]
  • build(deps): bump github.com/google/go-querystring from 1.1.0 to 1.2.0 (#4400) @dependabot[bot]
  • build(deps): bump actions/setup-go from 6.3.0 to 6.4.0 (#4404) @dependabot[bot]
  • build(deps): bump github.com/aws/aws-sdk-go-v2/service/sqs from 1.42.3 to 1.42.25 (#4405) @dependabot[bot]
  • build(deps): bump release-drafter/release-drafter from 6.4.0 to 7.1.1 (#4381) @dependabot[bot]
  • build(deps): bump codecov/codecov-action from 5.5.2 to 6.0.0 (#4388) @dependabot[bot]
  • build(deps): bump schneegans/dynamic-badges-action from 1.7.0 to 1.8.0 (#4393) @dependabot[bot]
  • build(deps): bump astral-sh/setup-uv from 7.6.0 to 8.0.0 (#4394) @dependabot[bot]
  • build(deps): bump github/codeql-action from 4.33.0 to 4.35.1 (#4395) @dependabot[bot]
  • update dependabot config (#4440) @blotus
  • build(deps): bump requests from 2.32.5 to 2.33.0 in /build/docker/test (#4389) @dependabot[bot]
  • build(deps): bump cryptography from 46.0.5 to 46.0.6 in /build/docker/test (#4391) @dependabot[bot]
  • build(deps): bump pygments from 2.19.2 to 2.20.0 in /build/docker/test (#4396) @dependabot[bot]

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Installation

Take a look at the installation instructions.


About crowdsec

CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
